
Fake Antivirus Peddlers Outpacing Real AV Firms

kdawson posted more than 3 years ago | from the catch-me-if-you-can dept.

Security 245

An anonymous reader tips a writeup at KrebsOnSecurity.com detailing how purveyors of fake antivirus or 'scareware' programs have aggressively stepped up their game to evade detection. The posting is based on a report from Google's malware detection team (PDF). "Beginning in June 2009, Google charted a massive increase in the number of unique fake antivirus installer programs, a spike that Google security experts posit was a bid to overwhelm the ability of legitimate antivirus programs to detect the programs. Indeed, the company discovered that during that time frame, the number of unique installer programs increased from an average of 300 to 1,462 per day, causing the detection rate to plummet to below 20 percent. ... In addition, Google determined that the average lifetime of sites that redirect users to Web pages that try to install scareware decreased over time, with the median lifetime dropping below 100 hours around April 2009, below 10 hours around September 2009, and below one hour since January 2010."


245 comments

Why use an unknown AV program? (1, Insightful)

Kenja (541830) | more than 3 years ago | (#32003152)

There are a number of well known AV software providers out there that have been around since the dawn of time (relatively speaking). F-Prot, Command, etc are all very good products and cost a few sandwiches a year.

Re:Why use an unknown AV program? (3, Insightful)

charliezcc (1144527) | more than 3 years ago | (#32003198)

I don't think I have to point this out, but for the sake of clarity: the point is not that the vast majority of people are straying away from known AV software providers to unknown software providers; it is that the vast majority don't know any better and believe what the computer tells them!

Re:Why use an unknown AV program? (4, Funny)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#32003200)

Because AntiVirus 2010 has just detected dozens or even hundreds of critical security threats that your existing AV has missed!

What upgrade could be more sensible?

Re:Why use an unknown AV program? (1)

Jurily (900488) | more than 3 years ago | (#32003896)

Actually, that's a good point. Most viruses today are tested against the big brands before release.

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32003980)

hundreds?

It sounds like what happens every time I install a microsoft product then get updates to it every week for a new critical security threat.

Or install a "service pack" that claims I had a billion critical security threat.

Re:Why use an unknown AV program? (3, Insightful)

0racle (667029) | more than 3 years ago | (#32003238)

To be nice, the average user is very naive. If they see a popup saying they need this AV, they trust it.

Re:Why use an unknown AV program? (4, Interesting)

Altus (1034) | more than 3 years ago | (#32003464)

It's shocking though, nobody would trust someone in the real world telling you that you need something they are providing without some kind of double check.

If someone showed up at your house and told you that your water could kill because of some microbe you have never heard of that they claim is getting into your pipes and the only way to make yourself safe is to install this helpful filter that they are selling would you believe them?

Re:Why use an unknown AV program? (1)

lukas84 (912874) | more than 3 years ago | (#32003516)

There are plenty of people making money off exactly this scheme.

Re:Why use an unknown AV program? (2, Insightful)

skine (1524819) | more than 3 years ago | (#32003690)

It's not a scheme, it's marketing.

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32003754)

If only Madoff had you as a lawyer.

Re:Why use an unknown AV program? (1)

Fred_A (10934) | more than 3 years ago | (#32003520)

If someone showed up at your house and told you that your water could kill because of some microbe you have never heard of that they claim is getting into your pipes and the only way to make yourself safe is to install this helpful filter that they are selling would you believe them?

A /. reader probably not, but the general public?

If there was any profit in it, you could easily create a scare campaign about DHMO which could turn very messy. People can be insanely gullible when you present things the right way.

Re:Why use an unknown AV program? (1)

Darkinspiration (901976) | more than 3 years ago | (#32003534)

To be fair a lot of people would. It's just that in the real world the amount of complaints would drive the cops after the scammer pretty quickly. On the web the police can't/won't run after the scammer.

Re:Why use an unknown AV program? (2, Funny)

Tryle (1159503) | more than 3 years ago | (#32003572)

Well just for your information, my filter is working quite well thank you!

I'm just not quite sure how it works when they never actually connected it to my water pipes but hey I'm still alive to post this thanks to my filter!

Re:Why use an unknown AV program? (3, Interesting)

0racle (667029) | more than 3 years ago | (#32003644)

It's shocking though, nobody would trust someone in the real world telling you that you need something they are providing without some kind of double check.

Many mechanics rely on this not being true all the time. Cars and computers are magical things to many people, things that normal people aren't expected to be able to understand. These 'normal people' are simply used to trusting anyone, or anything now, that claims to be an expert on the subject.

Re:Why use an unknown AV program? (1)

ElectricTurtle (1171201) | more than 3 years ago | (#32003898)

Both mechanics and techs are wary that at some point they'll come across somebody who knows what they're doing but is just too lazy to do it themselves (which happens more with cars) who will out them (and potentially prosecute them) if they try any charlatanry.

Re:Why use an unknown AV program? (1)

G00F (241765) | more than 3 years ago | (#32003730)

Bad analogy for your angle, the water purification market uses that exact tactic and is alive and well.

That is exactly what the fake AV companies do (and some of the real ones)

But the real trick is most of the time people don't know they installed anything, their computer said it had problems click here to fix, and now they have more problems . . . but those can be fixed by buying full pro version.

Re:Why use an unknown AV program? (1)

ElectricTurtle (1171201) | more than 3 years ago | (#32003846)

Actually there are some places where water purification is necessary. Go to Moline, IL and see how you like the tap water. Is it safe? Of course, but it's nasty. Water purification companies never say that the alternative isn't 'scary unsafe' just that the purified water tastes better, and compared to some places, it might.

Re:Why use an unknown AV program? (3, Informative)

natehoy (1608657) | more than 3 years ago | (#32003734)

Oh my God! Who do I make that check out to again? No, can't wait for it to clear, let me just give you my mattress and you can take how much it is, OK, I can't number very well.

OK, seriously...

Remember that many of the victims of scams like this don't know any better. These aren't random people showing up at their houses, they are ads showing up on websites. But many don't even know that.

They only know that their "computer person" has told them to make sure their AntiVirus is working correctly, and that the computer has just told them that their AntiVirus has stopped working correctly but the nice warning offered to fix it for them. Many of the newer ones look pretty legitimate, too, and have multiple URLs so when you Google them fake review sites come up and gush enthusiastically about how great the product is.

I have a co-worker who has been hit by this. I support 2 co-workers' home computers. They are otherwise intelligent people who use the preconfigured computers here at work every day. I give them lists of free antivirus packages they can load, and the one who had the problem came in and told me that her subscription to n0d ran out, but that the computer had warned her to replace it with "AntiVirus 2010" which had a free trial, but she noticed that once she installed it the computer slowed down.

She's not dumb, just on the low end of computer literacy. She knew that she needed to avoid popups and to run an Antivirus client, but this specific popup looked like a dialog box and she knew that her AV was running out, so she assumed it was like all the other warnings Windows Seven likes to send her about updates and such.

Re:Why use an unknown AV program? (3, Funny)

Hummdis (1337219) | more than 3 years ago | (#32003738)

You have seen this about dihydrogen monoxide [xs4all.nl] and how it's being put in everyone's water supply! :)

Get a few of these to circulate and people will be in a full-blown panic. Remember, a person is smart. People are dumb.

Re:Why use an unknown AV program? (2, Insightful)

RobDude (1123541) | more than 3 years ago | (#32003740)

When a person shows up to the door, people are skeptical because they don't know that person and don't have a business relationship with them.

If you already buy an expensive product from a reputable company; you are going to be far less skeptical about things you are told about that product, by that company. If you buy a new car from Ford and the 'ABS' light comes on - provided you know nothing about cars, other than how to drive them, to believe that there is something wrong with your brakes; compared to how likely you are to believe there is something wrong with your car's brakes if a stranger knocks on your door and tells you.

When people see a pop-up on their computer; they assume it's coming from Microsoft or Dell or whatever. So, they trust it.

Re:Why use an unknown AV program? (1)

Kjella (173770) | more than 3 years ago | (#32003806)

Bad analogy because if you've never heard of the microbe there's something fishy, why hasn't there been any official alert? But everybody knows there are viruses on the Internet and that you have to protect yourself against them, it's a confirmed fact you should have anti-virus. If everybody had to filter their water and you offered the ultramagic superwhoopie cleanex filter 3000 for the low, low price of 199$ many people would buy it.

Re:Why use an unknown AV program? (3, Insightful)

AaxelB (1034884) | more than 3 years ago | (#32003828)

It's shocking though, nobody would trust someone in the real world telling you that you need something they are providing without some kind of double check.

If someone showed up at your house and told you that your water could kill because of some microbe you have never heard of that they claim is getting into your pipes and the only way to make yourself safe is to install this helpful filter that they are selling would you believe them?

A big difference is that the fake antivirus pop-ups aren't usually trying to sell you anything, they just want you to click OK! It's easy to click OK, and, for the average [clueless] user, just clicking OK doesn't feel nearly as risky as letting a stranger into your home, or buying a mysterious product.

I think most people just do a naive, clueless sort of risk assessment. If the pop-up is telling the truth, they really need the software. If the pop-up is lying... well, they're not directly paying anything and have no idea what could go wrong, so they assume it's not a problem. Therefore, they decide to click OK to install the software. To them, it's more like some random person standing on the sidewalk telling them, "You should walk on the other side of the street; there's a dead skunk halfway up the block and you really don't want to get near it." Eventually people will learn... but it may take a few generations.

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32004068)

OH - MY - GOSH!
I'm so glad you told me.
Can you install the filter today?
I have cash, here in my sofa, just help me move the diamonds and priceless artwork first.

Even easier than that. (2, Insightful)

khasim (1285) | more than 3 years ago | (#32003506)

The "scan" window pops up and tells them that they've been infected BUT IT IS OKAY because all they have to do is click here and the nice software from the friendly company will remove the nasty viruses for them.

Yay!!!

This is just a side effect of the "real" anti-virus/security businesses having no interest in reducing/mitigating the "virus" threat. It makes too much money for them.

Re:Even easier than that. (1)

Apathist (741707) | more than 3 years ago | (#32003784)

This is just a side effect of the "real" anti-virus/security businesses having no interest in reducing/mitigating the "virus" threat. It makes too much money for them.

Said with all the arrogance and presumption of someone who knows exactly nothing of what they speak. Speaking as someone who spent over a decade as an anti-virus researcher and anti-virus engine developer, the truth is that it is infeasible for AV companies to keep up with the flood of (generated) malware that engulfs modern PCs... and, believe me, it's not for lack of trying. Have you ever seen how aggressively they compete over the VB100%* award?

* That award, like most AV testing is a sham (testing against a very small yet widely known sample of existing malware), but the point still holds: they really do want to catch the malware, if for no other reason than that the company that has the best detection rates can make the most sales.

Re:Why use an unknown AV program? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#32003586)

And sometimes the production values of the fake AV are pretty high. Never underestimate how a few nice gradients, some fancy fonts and a bunch of multi-syllabic techno-words can convince Grampa to keep clicking that "Press here to scan" button. Particularly when crappy pop-ups and fake websites that it pretends to defend you from are obviously scum.

The problem I usually see is that the person clicks a link in an email or instant message that is from a known friend that did the same thing. The user gets taken to a site and realizes that they've been duped and all of a sudden some antivirus thing (that sits in the background, they never see it actually working) is all of a sudden telling them what they already know - they're infected. The fake site used to induce fear is clearly shady and looks like crap, and the shiny antivirus has leapt to your rescue.

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32003242)

An average user has no idea what has been around and for how long; in fact, many won't tell the difference between AV/anti-spyware, firewalls, etc :)

Re:Why use an unknown AV program? (1)

_Sprocket_ (42527) | more than 3 years ago | (#32003370)

There are a number of well known AV software providers out there that have been around since the dawn of time (relatively speaking). F-Prot, Command, etc are all very good products and cost a few sandwiches a year.

For the same reason that "the Internet" is IE (or at least the IE icon) to some people.

Re:Why use an unknown AV program? (2, Funny)

Anonymous Coward | more than 3 years ago | (#32003674)

for our customers their browser is google. the internet is windows and their email doesn't work despite them typing their email address into google.

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32003636)

There are a number of well known AV software providers out there that have been around since the dawn of time (relatively speaking). F-Prot, Command, etc are all very good products and cost a few sandwiches a year.

Did you seriously just recommend Command? FAIL.

I can't count the number of times I had to use Symantec Corporate to remove infections that got by Command in the college I work at. About the only thing Command is good for is notifying you that it has allowed an infection in and cannot remove it. Great....

Re:Why use an unknown AV program? (2, Informative)

celibate for life (1639541) | more than 3 years ago | (#32003772)

I was once infected at my work computer, which runs Windows XP SP3, while visiting the website of a private porn torrent tracker, with lots of ads. I did not click any links or solicit the installation of the program, but somehow some sort of "Antispyware 2010" appeared there. It must have been a browser exploit or something like that. It wasn't too difficult to get rid of, I just needed Malwarebytes antimalware (the free version). Anyway, now I turn off Flash and JS before browsing porn at work.

Re:Why use an unknown AV program? (3, Funny)

Nadaka (224565) | more than 3 years ago | (#32004032)

I was once infected at my work computer, which runs Windows XP SP3, while visiting the website of a private porn torrent tracker, with lots of ads. I did not click any links or solicit the installation of the program, but somehow some sort of "Antispyware 2010" appeared there. It must have been a browser exploit or something like that. It wasn't too difficult to get rid of, I just needed Malwarebytes antimalware (the free version). Anyway, now I turn off Flash and JS before browsing porn at work.

Let me guess... You work at the SEC?

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32004034)

Sex is like oxygen, it is only a big deal if you are not getting any.

The fact that your username is a sexual reference and you openly post about browsing porn at work, I am going to have to say that you think about sex a lot and are probably not getting any.

Or Microsoft (1)

Sycraft-fu (314770) | more than 3 years ago | (#32003910)

They have a free scanner now. It's not the best AV, but it's good and no cost. I also recommend it because it is something users will trust. I mean after all, you pretty much have to trust your OS company, they could own your computer through any number of ways, they wouldn't need to use an AV program.

Re:Why use an unknown AV program? (0)

Anonymous Coward | more than 3 years ago | (#32004134)

There are a number of well known AV software providers out there that have been around since the dawn of time (relatively speaking). F-Prot, Command, etc are all very good products and cost a few sandwiches a year.

I've never heard of them and if somebody tried to tell me about them I would probably assume they're scams too. Are you sure those are well known? How certain are you that a random person with no interest in AV software would have heard of them?

Isn't this kind of expected? (1)

Behrooz (302401) | more than 3 years ago | (#32003178)

Step 1: Create a better scareware vector with a higher infection rate.
Step 2: ?????
Step 3: Profit!!!!

Seriously. There are incredibly lucrative incentives inherent in this kind of scam. No surprise they're spreading and getting smarter.

This is why i love noscript and requestpolicy (1)

aekafan (1690920) | more than 3 years ago | (#32003190)

nt

Re:This is why i love noscript and requestpolicy (0)

MozeeToby (1163751) | more than 3 years ago | (#32003250)

Or you could, you know, not install programs from random websites that you've never heard of before today. Oh, and without doing even the most basic research to check if they're legitimate. Sadly, I know at least 2 people that have fallen for these scams. Scams which the non-online equivalent would be billboards along the highway that say "Let us into your home while you're at work so we can make sure no one's robbing it!".

Re:This is why i love noscript and requestpolicy (0)

Anonymous Coward | more than 3 years ago | (#32003276)

If only wives would listen

Re:This is why i love noscript and requestpolicy (5, Informative)

plastiqueman (1255936) | more than 3 years ago | (#32003302)

I work for an IT helpdesk at a large public university and we see students come through all the time with these programs. Realistically though, the installation vector we see the most is not the installation of programs from random websites; the majority get them from clicking a link to watch a movie (still in theaters) online or even through certain ads in Facebook. These programs have simply gotten extremely clever at tricking the end user.

Re:This is why i love noscript and requestpolicy (1)

DigiShaman (671371) | more than 3 years ago | (#32003732)

Our clients get these from ad pop-ups. Generally, the 3rd party ad servers get hacked to serve out these fake AVs. So, sites such as CNN, MSNBC, Fox News, and Drudge Report are often thought to be the vector. They are not, but their 3rd party ad subscriptions are! What's worse, is that these browser instances often look like legit program update windows (Java, Flash...etc). So a user goes to install the "update" and that's when the real fun begins.

At this point, you can't really blame the user (too much really). These fake AVs are very well targeted and masked to look like the real thing.

Re:This is why i love noscript and requestpolicy (4, Insightful)

Achromatic1978 (916097) | more than 3 years ago | (#32003858)

Our clients get these from ad pop-ups. Generally, the 3rd party ad servers get hacked to serve out these fake AVs. So, sites such as CNN, MSNBC, Fox News, and Drudge Report are often thought to be the vector. They are not, but their 3rd party ad subscriptions are!

Generally, no. Generally, the reason is that the advertisers and their site owners rarely truly care. Have you seen the utter shit, spam, fakes, frauds that masquerade as Facebook ads, however often you click "X" and report it as "misleading / deceptive". Seriously, go to apple.com/store. Look for the neon green MacBook Air. You know, the one you can "test/review then keep for free"...

It's lip service. They. Just. Don't. Care. The advertisers are paying the bills, not you.

Re:This is why i love noscript and requestpolicy (1)

yuna49 (905461) | more than 3 years ago | (#32003790)

Pirated movies? Facebook? How about the New York Times [slashdot.org]?

In this case the software was distributed through one of the on-line advertising systems that feeds ads to the Times. The fact that serious, reputable publications like the New York Times don't automatically scan all third-party content like these advertisements and block those that contain scripting is just unconscionable to me. Ads with text, graphics, hell even animated GIFs, are okay in my book; scripts, no thank you.

There is a special place in hell for these people (1)

Capt.DrumkenBum (1173011) | more than 3 years ago | (#32003202)

I envision it as a desk with a computer and an infinite stack of virus infected floppies. :)

Re:There is a special place in hell for these peop (0)

Anonymous Coward | more than 3 years ago | (#32003260)

I wouldn't go that far. I'd just give them a desktop with Windows.

Re:There is a special place in hell for these peop (3, Funny)

kiehlster (844523) | more than 3 years ago | (#32003364)

And all the floppies have their write-protect switch set the wrong way and you just clipped your fingernails so you can't get your nail to catch on that stupidly annoying little slider.

We've had a couple of these (4, Funny)

IICV (652597) | more than 3 years ago | (#32003312)

We've had a couple of these at work - not fake AVs, but some weird thing that seems to change the Active Desktop so that it looks like there's an antivirus window.

The funny thing is that they look a lot more like an anti-virus program than our actual antivirus. They have this really slick fake "scanning" window that looks like something Apple would come up with if they had to design an AV scanner, while our real AV software looks like a piece of junk some poor Russian hacker cobbled together. It's sad really; the fake AVs have Symantec beat in everything from total resource usage to looks.

Re:We've had a couple of these (1)

adh72 (1161643) | more than 3 years ago | (#32003518)

It's sad really; the fake AVs have Symantec beat in everything from total resource usage to looks.

and the same great features as McAfee.

Re:We've had a couple of these (0)

Anonymous Coward | more than 3 years ago | (#32003578)

Well, yeah. You are aware these fake AV programs are fake, right? If you don't have to actually protect the machine then you can use less resources not doing so. It is somewhat humorous that they often look much more professional than the real thing, though. Of course, when your product doesn't actually do anything and the intent is to defraud people you probably would focus most of your effort on the UI.

Re:We've had a couple of these (1)

hack slash (1064002) | more than 3 years ago | (#32003950)

They're like the face & fingerprint recognition software you see in movies & tv shows that display each and every face/fingerprint in its database to compare to the suspect image - looks great but completely impractical to waste CPU cycles by displaying the information it's searching through.

Fake dope dealers (5, Funny)

oldhack (1037484) | more than 3 years ago | (#32003326)

So it's like fake dope dealers are outpacing true dope dealers.

Re:Fake dope dealers (2, Funny)

Anonymous Coward | more than 3 years ago | (#32003490)

Duuuude! Your oregano is the best!

There is a difference? (0)

Anonymous Coward | more than 3 years ago | (#32003328)

I know people who have two different malware scanners installed at the same time, plus a third-party firewall which also comes with malware protection. Needless to say, they're not happy with the performance of their computers.

They aren't all bad... (3, Funny)

boneclinkz (1284458) | more than 3 years ago | (#32003338)

I discovered Krusnikov's Virus No-Having 2007 over three years ago and it's been running in my system tray ever since, without issue.

Fake AV installs on piratebay! (0)

Anonymous Coward | more than 3 years ago | (#32003430)

Can someone please tell me how this installs automatically and runs on my computer just by visiting a site like the piratebay?
I know not to download/install unsafe stuff and I know not to click on pop ups and I always try to stay safe but by just visiting the piratebay on IE8 and not downloading any torrents or anything I get this fake AV.
Visiting the site on Chrome I don't get this fake AV.

Re:Fake AV installs on piratebay! (3, Informative)

assassinator42 (844848) | more than 3 years ago | (#32004048)

They simply exploit a vulnerability in your browser or plugins. I've encountered one that tries to install something using Java, presumably just requiring a user to click OK to infect them. That's something that seems like it could be done accidentally. I wouldn't be surprised if it were trying to exploit some vulnerability that would auto-install the malware on older versions of Java. They probably use exploits in Flash as well. The plugins have the advantage of not being run in the IE sandbox that's used by default on Vista/7.

Impending doom... right on schedule (1)

ka9dgx (72702) | more than 3 years ago | (#32003456)

We keep ignoring the lessons of the past by using discretionary access controls instead of capability based security at our own peril. The users have no way of telling what the side effects of a program are going to be, nor do we have any way of limiting them. This is a spiral downward that will eventually force everyone to learn about capabilities and cabsec.

Three Findings (0, Troll)

idiotnot (302133) | more than 3 years ago | (#32003510)

1. Education that Windows users need AV software has been overwhelmingly successful.
2. People are too cheap to go buy a boxed copy, and like in-your-face downloads (many ISPs offer AV, but you have to go hunt for it)
3. Internet Explorer and Windows are still terminally broken out-of-the-box.

Re:Three Findings (2, Insightful)

yuna49 (905461) | more than 3 years ago | (#32004004)

Concerning #3, most of these exploits use Javascript to open a phony "scanning" window. I got one of these while reading the New York Times on my Linux machine using Firefox.

Re:Three Findings (0)

Anonymous Coward | more than 3 years ago | (#32004160)

No, you didn't. These run as processes under windows and survive a reboot. They are malicious processes running on the OS.

Re:Three Findings (0, Troll)

TheP4st (1164315) | more than 3 years ago | (#32004126)

3. Internet Explorer and Windows are still terminally broken out-of-the-box.

Having cleaned Antivirus 2010/2009/2008 and more of the same ilk from countless XP machines running IE6 with no admin rights for the user I could not agree more. Yep, the majority of the users where I work do not have any admin rights yet these scam AV's cause me more annoyance than I can describe in words, an annoyance exponentially increased by the fact that none of the tools I have at hand by the company are capable of dealing with them, leaving me to manually having to deal with the infection. I do have to say the latest iterations of this crap have really evolved in regards of making manual removal increasingly difficult, start task manager just to watch it choke and die a fraction of a second later, run a portable version of CCleaner (non-approved), no luck it is reported as malware (by the real malware) and killed, msconfig nope that'll get killed too.

annoying (0)

Anonymous Coward | more than 3 years ago | (#32003576)

My dad actually fell for it and bought one of these for $50! He has AVG on the computer and that is all he needs, but he freaked out and did this before asking me first.
That was $50 lost that he'll never see again.....as well as the credit card that was canceled.
I use Linux - the family never listens to me.

We have these all over the school I work for (2, Interesting)

dawgs72 (1025358) | more than 3 years ago | (#32003582)

I work at a fairly small university, and at least once a week we have a faculty member's PC get infected by a fake AV. The most recent the professor had paid for the "full" version, then a week later e-mailed the "company" because he was unsatisfied with the AV and couldn't uninstall it. The company then e-mailed him with a link for a program to uninstall the fake AV, which of course didn't work, and then he decided to call us; still not realizing that the AV was fake.

EXCUSE ME SIR! (4, Funny)

ElectricTurtle (1171201) | more than 3 years ago | (#32003604)

Pardon me, sir, but I would be remiss if I didn't inform you that you have clearly contracted a rare disease that will kill you painfully in short order UNLESS you pay me to inject this substance into you. You can trust me, I'm a doctor.

....

Why is it that virtually nobody would fall for that in meatspace, but innumerable people fall for it online? It's just like the 419 scams. What is it about THE INTARWEBS that makes people exponentially more gullible than they would be to a random person on the street?

Re:EXCUSE ME SIR! (5, Insightful)

0100010001010011 (652467) | more than 3 years ago | (#32003736)

Pardon me sir, but this herb root extract can lower your blood pressure. Meaning that you can live a long and healthy life. It's not FDA approved but it's certified by these doctors.

It works just as well in meat space too.

Re:EXCUSE ME SIR! (1)

natehoy (1608657) | more than 3 years ago | (#32003762)

it's certified by these doctors.

grep/doctors/celebrities/

Doctors and celebrities (2, Insightful)

tepples (727027) | more than 3 years ago | (#32003926)

Doctors, celebrities, what's the difference in the consumer's mind? Case 1: Dr. Dre. Case 2: "Of course Hugh Laurie is a doctor. He plays one on House M.D." Case 3: People with a doctorate in something other than medicine or osteopathy.

Re:EXCUSE ME SIR! (1)

pscottdv (676889) | more than 3 years ago | (#32003814)

Why is it that virtually nobody would fall for that in meatspace, but innumerable people fall for it online?

Because it is not some stranger telling them they need it, it's their own, beloved computer!

Re:EXCUSE ME SIR! (1)

ElectricTurtle (1171201) | more than 3 years ago | (#32004050)

This is what we get for portraying viruses in movies as LSD-trip-colored renditions of Leonardo da Vinci's Vitruvian Man spouting villainistic drivel. Too bad pop-up windows saying "Click here!" with flashing yellow warning icons just don't seem to connect with movie-goers the same way.

Re:EXCUSE ME SIR! (1)

tibman (623933) | more than 3 years ago | (#32003914)

I've noticed something similar about words in print. If someone reads something in a book, it is taken as fact.. why else would it be in a book? When I was younger, Michael Crichton books did that to me. Now I see it happening to other people.

Maybe as humans we are too trusting of our tools?

Re:EXCUSE ME SIR! (1)

Machtyn (759119) | more than 3 years ago | (#32004022)

Because many people believe what they read and watch on TV, too.

I Hope for Change! (umm, what kind of change was that again, exactly?)
This is the greatest nation on earth. Help me change it!

Re:EXCUSE ME SIR! (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#32004092)

Apparently you aren't familiar with how the "alternative" (sometimes "complementary" or "holistic") medical industry operates...

and after my rounds this past week..... (2, Insightful)

Lumpy (12016) | more than 3 years ago | (#32003610)

I have informed everyone I do family and friends tech support for... they must either switch to linux or a Mac with OSX. The new internet security 2010 is an evil bastard that even kills the safe mode so you have to use a Bart PE to run combofix first and then reinstall AV and run a clean.

Screw it, I'm done. Mac mini's are as cheap as a dirt cheap dell PC. and I'll install linux for them. I am done with windows support.

Re:and after my rounds this past week..... (2, Insightful)

tepples (727027) | more than 3 years ago | (#32004018)

I have informed everyone I do family and friends tech support for... they must either switch to linux or a Mac with OSX.

Then how do they play PC games afterward?

Mac mini's are as cheap as a dirt cheap dell PC.

I just went to apple.com and dell.com; what I found disagrees with you. Mac mini: $599. Dell Inspiron 560s with Pentium dual core and 4 GB RAM: $429.

and I'll install linux for them.

Does this include installing and configuring Wine for "that one must-have app"?

Re:and after my rounds this past week..... (2, Interesting)

Machtyn (759119) | more than 3 years ago | (#32004108)

Yeah, the AV2010 thing is extremely nasty. I've recovered 4 of these in one week-end. Fortunately, none of them required a complete reinstall of the OS. And then I had one hit by the MS update BSOD issue. I actually told them to leave their computer off, waited a couple of weeks for combofix to catch up and then fixed it.

We got hit - XP Security (5, Informative)

swm (171547) | more than 3 years ago | (#32003676)

My wife's machine got hit last week.
No idea where it came from.
Been running for years with no problem.
(NetGear router seems to keep the baddies out.)

All of a sudden there's a dozen dialogs flashing dire warnings about viruses and trojans and keyloggers and malware and insisting that we "register" our copy of XP security.

Pulled the network cable and started googling (from a linux box).
The thing is pretty nasty.
It scatters pieces of itself around the file system with random names.
Then it hooks the .exe registry keys so that it gets control each time any program is run, and takes the opportunity to spawn a new copy of itself, with new dialog boxes and systray icons.

After you delete the program files, nothing runs at all, because the .exe keys are still trying to redirect through the files you just deleted.
(Hint: right click -> run as).
Then I fixed all the .exe (and related) keys by hand.
There's quite a lot of them, because it is really important for each user on a windows box to have their own semantics for running a program.
(Removal instructions on the web don't generally find them all.)

Finally (should have done this long ago) created an admin account and knocked all the user accounts down to user privilege level.
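The per-user `.exe` hijack described in the comment above can be checked for mechanically. An added example, not part of the original comment: it parses `reg export` text and flags any `.exe` association whose class or open command differs from the Windows defaults (`exefile` and `"%1" %*`). The sample export, the class name `hijackclass` and the path are constructed, and the export is assumed to be already decoded to text.

```python
import re

# Windows defaults: .exe maps to class "exefile", whose open command runs the clicked program.
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'

# Constructed sample in `reg export` text form (not from a real infection).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="hijackclass"

[HKEY_CURRENT_USER\Software\Classes\hijackclass\shell\open\command]
@="\"C:\\Temp\\abc123.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_reg_export(text):
    """Return {key_path: default_value} for keys that set a default (@) string."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and quotes with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def find_exe_hijacks(defaults):
    """List (key, value) pairs where the .exe association is not the default."""
    lowered = {k.lower(): (k, v) for k, v in defaults.items()}  # keys are case-insensitive
    findings = []
    for low, (key, value) in lowered.items():
        if low.endswith("classes\\.exe") and value.lower() != DEFAULT_PROGID:
            findings.append((key, value))
            # Follow the redirect to the command the substituted class runs.
            target = low[:-len(".exe")] + value.lower() + "\\shell\\open\\command"
            if target in lowered:
                findings.append(lowered[target])
        elif low.endswith("classes\\exefile\\shell\\open\\command") and value != DEFAULT_COMMAND:
            findings.append((key, value))
    return findings

if __name__ == "__main__":
    for key, value in find_exe_hijacks(parse_reg_export(SAMPLE_EXPORT)):
        print(f"SUSPICIOUS  {key}  ->  {value}")
```

Because each user hive can carry its own override, the check has to be run against an export of every user's Classes keys, not only the machine-wide ones.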

Re:We got hit - XP Security (0)

Anonymous Coward | more than 3 years ago | (#32003940)

My wife's machine got hit last week.
No idea where it came from.

Methinks I see a coincidence ;)

license (0)

Anonymous Coward | more than 3 years ago | (#32003686)

I still think there should be a course given for a Internet License. This way if you dont base your not aloud to go on the internet. Well atleast in large corperations/government facilitys. cough cough (where i am). These people just can't stop clicking on stuff. They never read just click

Re:license (1)

gyrogeerloose (849181) | more than 3 years ago | (#32003942)

I still think there should be a course given for a Internet License. This way if you dont base your not aloud to go on the internet. Well atleast in large corperations/government facilitys. cough cough (where i am). These people just can't stop clicking on stuff. They never read just click

Such poor spelling, punctuation and grammar skills and you're working in a government facility? Man, I can only hope it's not my government you're working for.

Re:license (1)

knarfling (735361) | more than 3 years ago | (#32004148)

A spelling or grammar course might also be advised.

I still think there should be a course given for an Internet License. This way if you don't base(pass?), you're not allowed to go on the internet. Well, at least in large corporations/government facilities.

What really scares me is that this might really reflect the "upper crust" of today's government employee.

Informed (0)

Anonymous Coward | more than 3 years ago | (#32003774)

Hey I was just informed by Mr Naroob Jahoni (son of the former finance minister to Nigeria who was tragically killed in a car crash) that he has 14 Million dollars in a suitcase ready to transfer to my account. Thank goodness this popup came up and let me know there are TONS of viruses which are now being cleaned, totally free, by this awesome company. I would hate for anything to interrupt my communications with Mr Jahoni as he said I could have a rather large commission upon my submission

Re:Informed (1)

gyrogeerloose (849181) | more than 3 years ago | (#32003870)

I'm sorry to tell you this, but you've been duped. Mr. Jahoni has already agreed to transfer that money to my account.

Complete Fakes (1)

nexttech (1289308) | more than 3 years ago | (#32003796)

I always find it funny when I get a popup from my browser on Linux asking if I would like an anti-virus scan. Sometimes it will show me how my C: drive is corrupted and would I like to pay for a version of their anti virus software. One of these even offered to replace my system32.dll. This just shows how fake these scans really are.

Re:Complete Fakes (2, Funny)

Cro Magnon (467622) | more than 3 years ago | (#32003972)

Are you sure it's a fake? Maybe you really don't have a working system32.dll on your Linux system. You need to replace it ASAP!

Re:Complete Fakes (0)

Anonymous Coward | more than 3 years ago | (#32004066)

Linux. It's like a condom for browsing porn.

White List Anyone? (1)

whitedsepdivine (1491991) | more than 3 years ago | (#32003820)

Instead of listing all the bad programs, why don't they list all the good programs? If a virus has a lifespan of a few hours, the only way to prevent it other than figuring out how they are changing, is to white list all the good programs.

Real antivirus programs (0)

Anonymous Coward | more than 3 years ago | (#32004098)

like McAfee are so much more reliable aren't they...

getting worse (1)

JackSpratts (660957) | more than 3 years ago | (#32004158)

my mom's pc got one of these over the holidays while a teen cousin was surfing flash game sites. the pop-ups would not go away. at boot up pages wouldn't load because the warning box insisted on a click before progressing further. anti-malware had no effect, neither system restore nor anything else i could think of was successful.

even the computer shop was at a loss. after ten days the os required re-installation with a resultant loss of all data.

don't make the mistake of thinking this is merely an issue of rubes accepting come-ons from scareware vendors. it's beyond that now. these apps are injected instantly via poisoned sites and your pc is compromised well before you "accept" any blackmail terms. we found to our dismay nothing for sophisticated users nor technicians to fix.

thanksgiving was a real eye opener for me.

i surf exclusively with adblock and noscript now. no ads. no scripts. period.

until site owners deal with this i won't do otherwise.

-js.
